Apparatus and method for identity-based encryption within a conventional public-key infrastructure

Abstract

A method of generating an identity-based encryption key includes specifying a master key; receiving an identity-based string; executing a function that processes the master key and the identity-based string to produce a seed; and using the seed to produce an identity-based encryption key.

Description

CROSS REFERENCE TO RELATED APPLICATIONS [0001] This application claims the benefit of U.S. Provisional Application No. 60 / 611,586, entitled “Identity-Based Encryption with Conventional Public-Key Cryptography,” filed on Sep. 20, 2004, the disclosure of which is incorporated herein by reference in its entirety.BRIEF DESCRIPTION OF THE INVENTION [0002] This invention relates generally to digital data security. More particularly, this invention relates to identity-based encryption within a conventional public-key infrastructure. BACKGROUND OF THE INVENTION [0003] Conceptually, public keys behave a lot like telephone numbers—if I want to call you, I need your telephone number. I don't need my own number to make calls (I can use a pay phone, for example); I need a number to receive calls. In a fashion that is analogous to a telephone number, I need your public key to encrypt something so that it is secret to you. [0004] Unlike telephone numbers, public keys are far too big for people to ...

AI Technical Summary

Benefits of technology

[0023] The invention provides for Identity-Based Encryption (IBE), while still being compatible with conventional public-key cryptosystems. As an on-line system, the invention avoids the security problems associated with other IBE systems that permit off-line key generation. Consequently, the invention has the advantages of an IBE system—that any bit string be equivalent to a public key, without the disadvantages of permitting an attacker complete knowledge of the PKG.

Problems solved by technology

Unlike telephone numbers, public keys are far too big for people to remember.

Even elliptic curve keys, which are much shorter than the traditional ones are far too large for a person to remember.

Like any data management problem, certificate management is harder than people would like.

All of the existing IBE systems have their own limitations.

While other systems have proofs of security, there is a notoriously poor relationship between proofs of security and actual system security.

Security proofs can show where a system is safe, but not protect against new assumptions that an adversary can bring to bear against the system nor against uses of a system that its creators did not think of which may be outside of the scope of the original threat model.

Still other subtle problems have shown up on other systems, such as the ability for colluding users to determine the PKG's master key.

Consequently, they are not compatible with existing systems that use RSA (the Rivest-Shamir-Adleman algorithm), Elgamal, or DSA (Digital Signature Algorithm).

This limits their practical application, since there are many existing systems built upon these cryptosystems.

Oftentimes, the strengths of a system are also its weaknesses.

An issue that PKIs must consider in their design is that of a Directory Harvest Attack, in which senders of unwanted advertisements or outright fraudulent confidence games use the directory as a way to discover information paths into the system.

Off-line generation has the disadvantage that there is complete transparency in the directory, since the directory is an algorithm.

Off-line generation has as an additional disadvantage of increased revocation problems.

No IBE system has even considered this real-world problem.

Images